Malware Insights
The PDF document contains embedded URLs and a visual call-to-action button, strongly suggesting a phishing or social engineering attempt. The primary URL, http://netcdn.tw/app/835599320/freer-tiktok-game-hack, is presented as a lure for a 'free TikTok game hack'. While no scripts were explicitly extracted, the ML classifier flagged this PDF as malicious, and the presence of multiple suspicious URLs indicates a high likelihood of a malicious download or redirection. The document's content and structure align with a spearphishing attachment tactic.
Machine Learning
- Nyx PDF Classifier malicious score 0.9625
Heuristics 3
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://netcdn.tw/app/835599320/freer-tiktok-game-hack PDF link annotation
- https://infocorrosion.com/images/minecraft-svg-free_GM479516143.pdfIn PDF document text
- https://infocorrosion.com/images/create-minecraft-server-free_GM479516143.pdfIn PDF document text
- https://infocorrosion.com/images/rbx-free-robux_GM431946152.pdfIn PDF document text
- https://infocorrosion.com/images/how-to-get-free-tiktok-fans_GM835599320.pdfIn PDF document text
- https://infocorrosion.com/images/free-coin-master-spins-2021_GM406889139.pdfIn PDF document text
- https://infocorrosion.com/images/free-robux-accounts_GM431946152.pdfIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_002_off000030be.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x30BE | 23404 bytes |
SHA-256: cd9b2eb47ac04cb4fae81f4192068ac28ef81f00d505dac66d925b539e1183fc |
|||
font_01_sfnt_off0000659b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x659B | 17456 bytes |
SHA-256: eee1edbfcd64309e57980115a02bab568c84f21b085b7ef169a7723337a1b17d |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.